Old 03-26-2009, 10:29 AM   #46
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209

Quote:
Originally Posted by descarte View Post
I don't deny tcp_wrappers can be handy, but as pointed out earlier, you have to be careful though. Apps that do not implement libwrap.so cannot be controlled by tcp_wrappers. So you have to be familiar with it and not spend time troubleshooting problems that you create for yourself in the exams. Say, for example,


Oops, httpd is running and not in the list.

I got my RHCE without using tcp_wrappers. I believe custangro got his with tcp_wrappers. Everyone works differently and it is the result that matters in the exam. But as a good sysadmin, and looking beyond the certificate, we have to know all possible methods of achieving a certain result, or at least know how things work in the backend. I know sysadmins who just keep using yum or apt-get. When dealing with extreme scenarios like a rescue environment, command-line mastery of rpm becomes important.
Agreed.

And yes I got my RHCE using tcp_wrappers, but you're right...you need to KNOW which services are controlled by tcp_wrappers and which rely on their own ACLs (i.e. samba, httpd, etc).


And the RPM commands are VERY essential! It has not only helped me on the test...but it's saved me at work too!

-C
 
Old 03-26-2009, 12:53 PM   #47
latinmusic74
Member
 
Registered: Jun 2007
Posts: 118

Rep: Reputation: 16
Do you really need to use tcp_wrapper or iptables to control host/network/user access to the service? Can you control host/user/network httpd using ALLOW, DENY statements?
 
Old 03-26-2009, 12:55 PM   #48
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209
Quote:
Originally Posted by latinmusic74 View Post
Do you really need to use tcp_wrapper or iptables to control host/network/user access to the service? Can you control host/user/network httpd using ALLOW, DENY statements?
Depends on what service you are talking about...

iptables is almost always a must. But tcp_wrappers doesn't work with everything...

-C
 
Old 03-26-2009, 11:51 PM   #49
latinmusic74
Member
 
Registered: Jun 2007
Posts: 118

Rep: Reputation: 16
Can't you deny or allow access to http using the httpd.conf configuration file too?
 
Old 03-27-2009, 10:01 AM   #50
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209
Quote:
Originally Posted by latinmusic74 View Post
Can't you deny or allow access to http using the httpd.conf configuration file too?
Yes.

But tcp_wrappers doesn't work with httpd, so you HAVE to use iptables/httpd.conf file.

-C
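
The distinction made in posts #46 to #50 (services linked against libwrap are covered by tcp_wrappers, httpd is not) can be checked from the daemon's shared-library list. This is an added example, not code from any poster; the `ldd` output in it is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The ldd listings are constructed;
# library paths and load addresses are illustrative only.

# Constructed ldd output for a daemon linked against libwrap (sshd-like).
sample_ldd_wrapped() {
cat <<'EOF'
	libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00110000)
	libpam.so.0 => /lib/libpam.so.0 (0x00a8e000)
	libc.so.6 => /lib/libc.so.6 (0x00b4f000)
EOF
}

# Constructed ldd output for a daemon that is not (httpd-like).
sample_ldd_plain() {
cat <<'EOF'
	libm.so.6 => /lib/libm.so.6 (0x00c9a000)
	libapr-1.so.0 => /usr/lib/libapr-1.so.0 (0x00d21000)
	libc.so.6 => /lib/libc.so.6 (0x00b4f000)
EOF
}

# Read ldd output on stdin; succeed only if libwrap is a linked library.
links_libwrap() {
    grep -q 'libwrap\.so'
}

# Name the access-control layers that apply, given ldd output on stdin.
acl_layer() {
    if links_libwrap; then
        echo "tcp_wrappers (hosts.allow/hosts.deny) plus iptables"
    else
        echo "iptables plus service-level ACLs"
    fi
}

# Live use: audit /usr/sbin/sshd /usr/sbin/httpd ...
audit() {
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "$bin: not found"; continue; }
        printf '%s: ' "$bin"
        ldd "$bin" 2>/dev/null | acl_layer
    done
}

sample_ldd_wrapped | acl_layer
sample_ldd_plain | acl_layer
```
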
 
Old 03-27-2009, 02:35 PM   #51
latinmusic74
Member
 
Registered: Jun 2007
Posts: 118

Rep: Reputation: 16
With iptables you can control network access or host access to http.

With httpd.conf, I think you can control user and network access too..
 
Old 03-28-2009, 11:30 PM   #52
juscelino
LQ Newbie
 
Registered: Feb 2009
Posts: 12

Rep: Reputation: 0
Passed!

Hello guys,

SECTION I: TROUBLESHOOTING AND SYSTEM MAINTENANCE
RHCE requirements: completion of compulsory items (50 points)
overall section score of 80 or higher
RHCT requirements: completion of compulsory items (50 points)

Compulsory Section I score: 50.0
Non-compulsory Section I score: 50.0
Overall Section I score: 100

SECTION II: INSTALLATION AND CONFIGURATION
RHCE requirements: score of 70 or higher on RHCT components (100 points)
score of 70 or higher on RHCE components (100 points)

RHCT requirement: score of 70 or higher on RHCT components (100 points)

RHCT components score: 92.6
RHCE components score: 96.7

RHCE Certification: PASS



JUST PASSED!! Feeling very relieved right now..


 
Old 03-28-2009, 11:49 PM   #53
latinmusic74
Member
 
Registered: Jun 2007
Posts: 118

Rep: Reputation: 16
Congratulations juscelino. What materials did you use to study for the test?
 
Old 03-29-2009, 11:22 AM   #54
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209
Quote:
Originally Posted by juscelino View Post
Hello guys,

SECTION I: TROUBLESHOOTING AND SYSTEM MAINTENANCE
RHCE requirements: completion of compulsory items (50 points)
overall section score of 80 or higher
RHCT requirements: completion of compulsory items (50 points)

Compulsory Section I score: 50.0
Non-compulsory Section I score: 50.0
Overall Section I score: 100

SECTION II: INSTALLATION AND CONFIGURATION
RHCE requirements: score of 70 or higher on RHCT components (100 points)
score of 70 or higher on RHCE components (100 points)

RHCT requirement: score of 70 or higher on RHCT components (100 points)

RHCT components score: 92.6
RHCE components score: 96.7

RHCE Certification: PASS



JUST PASSED!! Feeling very relieved right now..


Congrats!

-C
 
Old 04-01-2009, 01:49 PM   #55
juscelino
LQ Newbie
 
Registered: Feb 2009
Posts: 12

Rep: Reputation: 0
Quote:
Originally Posted by latinmusic74 View Post
Congratulations juscelino. What materials did you use to study for the test?

I used Jang's book, the RH300 material, and some websites, plus VMware with 4 VMs to practice, always rebuilding, and every day during 3 months trying to learn new info.

Quote:
Congrats!

-C
TKS!
 
Old 04-06-2009, 12:28 PM   #56
rhel5
Member
 
Registered: Mar 2009
Location: Bay Area, CA
Distribution: Redhat Enterprise Linux
Posts: 59

Original Poster
Rep: Reputation: 15
I have a quick question regarding iptables

If I were to secure something like nfs, can I use the gui firewall and a custom iptables command?

For example, check the nfs service on the system-config-securitylevel. Also, I use the command iptables -A INPUT -s ! 192.168.0.1 -p udp --dport 2049 -j DROP along with the gui.

Speaking of nfs port, it uses udp on port 2049 right?

Thanks!
 
Old 04-06-2009, 03:14 PM   #57
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209
Quote:
Originally Posted by rhel5 View Post
I have a quick question regarding iptables

If I were to secure something like nfs, can I use the gui firewall and a custom iptables command?

For example, check the nfs service on the system-config-securitylevel. Also, I use the command iptables -A INPUT -s ! 192.168.0.1 -p udp --dport 2049 -j DROP along with the gui.

Speaking of nfs port, it uses udp on port 2049 right?

Thanks!
Nope.

NFS uses portmap to assign the ports...so NFS uses different ports depending on what portmap does, which makes iptables difficult to configure.

Luckily you can "tell" portmap to use the same ports all the time. See /etc/sysconfig/nfs for more info. Also you have to open port 111 (tcp/udp) for portmap as well in the firewall.

-C
 
Old 04-07-2009, 05:09 AM   #58
descarte
LQ Newbie
 
Registered: Mar 2009
Location: melbourne
Distribution: rhel, centos, debian, ubuntu
Posts: 18

Rep: Reputation: 1
Ooo. I blogged something about this the other day:

http://www.azhowto.com/2009/04/05/nf...rewall-issues/
 
Old 04-07-2009, 12:44 PM   #59
rhel5
Member
 
Registered: Mar 2009
Location: Bay Area, CA
Distribution: Redhat Enterprise Linux
Posts: 59

Original Poster
Rep: Reputation: 15
Thanks custangro & descarte.

Hmm... I don't see a /etc/sysconfig/nfs file. I do see the /etc/sysconfig/iptables
 
Old 04-07-2009, 01:17 PM   #60
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,978
Blog Entries: 1

Rep: Reputation: 209
Quote:
Originally Posted by rhel5 View Post
Thanks custangro & descarte.

Hmm... I don't see a /etc/sysconfig/nfs file. I do see the /etc/sysconfig/iptables
If it's not there you can create the file with the entries that descarte mentioned in the blog.

-C
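
The setup described in posts #57 to #60 (pin the NFS helper ports in /etc/sysconfig/nfs, then open those ports plus 111 in the firewall), as an added example that is not from any poster or from the linked blog. The variable names are the ones the RHEL nfs init scripts read; the port numbers, the client subnet and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Port values and the client subnet
# are constructed; only the sysconfig variable names are real.

# Constructed sample of /etc/sysconfig/nfs with every helper daemon pinned.
sample_nfs_conf() {
cat <<'EOF'
# static ports so the firewall rules stay valid across restarts
MOUNTD_PORT=4002
STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
RQUOTAD_PORT=4003
EOF
}

# Read KEY=VALUE lines on stdin and print one iptables ACCEPT rule per
# port/protocol, limited to the source network given as $1. Rules use -I
# so they are evaluated before any existing catch-all reject.
nfs_rules() {
    src=$1
    # portmap (111) and nfsd (2049) are fixed; open both protocols.
    for port in 111 2049; do
        for proto in tcp udp; do
            echo "iptables -I INPUT -s $src -p $proto --dport $port -j ACCEPT"
        done
    done
    while IFS='=' read -r key value; do
        case $key in
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            MOUNTD_PORT|STATD_PORT|RQUOTAD_PORT) protos="tcp udp" ;;
            *) continue ;;   # comments, blanks, unrelated settings
        esac
        # Refuse anything that is not a plain port number.
        case $value in
            ''|*[!0-9]*) echo "skipping $key: bad value '$value'" >&2; continue ;;
        esac
        for proto in $protos; do
            echo "iptables -I INPUT -s $src -p $proto --dport $value -j ACCEPT"
        done
    done
}

sample_nfs_conf | nfs_rules 192.168.0.0/24
```

The script only prints the rules for review; after the nfs services are restarted, `rpcinfo -p` shows whether the daemons actually registered on the pinned ports.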
 
  

